In today’s digital age, data security has become a priority for organizations worldwide. Health care providers, in particular, must focus on safeguarding the personal and sensitive information of their clients. Point32Health, the parent organization of Harvard Pilgrim Health Care (“Harvard Pilgrim”) and Tufts Health Plan, recently experienced an unfortunate cybersecurity incident, underscoring the importance of robust security measures and rapid response protocols in protecting patient data.

On April 17, 2023, Point32Health discovered a ransomware attack on its computer systems. The organization quickly brought in third-party cybersecurity experts to conduct an exhaustive investigation and take steps to remediate the situation.

Regrettably, the investigation found evidence that data may have been copied from the Harvard Pilgrim systems during the period from March 28, 2023, to April 17, 2023. This security breach is a matter of great concern for Harvard Pilgrim, which sincerely regrets any inconvenience or stress this incident may have caused its subscribers and providers.

The compromised files potentially contain personal information and/or protected health information of current and former subscribers, dependents, and contracted providers. This sensitive data includes names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information like medical history, diagnoses, treatment data, dates of service, and provider names.

Despite these challenges, Harvard Pilgrim has not found any evidence of misuse of personal and protected health information as a direct result of this incident. As a precautionary measure, Harvard Pilgrim has begun to notify potentially affected individuals to provide them with more information and resources.

To assist those potentially impacted, Harvard Pilgrim is offering complimentary identity protection and two years of credit monitoring services. The health care provider strongly encourages individuals to regularly check their credit reports, account statements, and benefit statements for any suspicious or fraudulent activity. If any such activity is detected, it should be immediately reported to the relevant entity and the proper law enforcement authorities, including the police and their state attorney general.

In light of this event, Harvard Pilgrim is further strengthening its data security measures to prevent similar incidents in the future. Data security has always been, and will continue to be, a top priority for Harvard Pilgrim.

To address questions and concerns arising from this incident, Harvard Pilgrim has set up a dedicated call center that can be reached at (888) 220-5517 (toll-free), Monday through Friday from 9:00 a.m. to 9:00 p.m. ET, excluding U.S. holidays. Additionally, more information is available on the Harvard Pilgrim website at https://www.harvardpilgrim.org/.